Merrill Lynch International – EMIR reporting fine
13 November 2017
Have the FCA been harsh? Perhaps. Do they care? No.
And indeed, the first key takeaway is that fining firms is becoming ever more central to Andrew Bailey’s FCA. In 2016, the FCA handed down fines of just over £22m. In 2017, you need to add a zero: to date the figure stands at around £225m. Of course, the sizeable £163m handed down to Deutsche Bank for AML failings skews the numbers. But even without that, the remaining £62m represents a threefold increase.
We can use this fine, however, to take note of how a similar fate can be avoided. Merrill’s failing, although considerable, was actually rather subtle. This was not a case of wanton disregard for the rules. There was an error with a static data table within the firm’s solution for reporting Exchange Traded Derivatives, meaning that the need for a market side report for some transactions with third party brokers was missed. In the grand scheme, this seems like a small error. For Merrill, however, it meant 68.5 million missed reports.
But how can you avoid such pain?
In the first instance, don’t just read this as an EMIR article. The FCA’s release on this fine takes pains to highlight the importance of MiFID related Transaction Reporting. And the errors made by Merrill could well be errors firms make in the final months before MiFID II implementation and indeed beyond.
Let us therefore consider the key points drawn out in the Merrill final notice:
- Pre-implementation testing: the FCA felt that the system was tested over too short a timescale and was hampered by a lack of front-to-back completeness testing. If you’re moving into the derivatives space and need to report, set aside adequate time for testing. And if you’re looking down the barrel of MiFID II implementation with some trepidation, fit as much testing as possible into the remaining two months, but also complement this with comprehensive monitoring and refinement after implementation.
- Resourcing: the FCA was unhappy with the extent to which Merrill’s project was under-resourced. By implementation, the personnel allocated was less than 50% of that projected as required pre-implementation. You should think very carefully about trying to do a project with reduced resources. And with MiFID II pending, now is a good time to reassess. Do you have sufficient resource to deliver for January?
- Governance and Oversight: no one who delved into the depths of the FCA website to uncover this final notice will have been surprised to find a governance dimension. Shortly after implementation, the job of overseeing operation of Merrill’s ETD Reporting requirement was assigned to the same business area responsible for MiFID. However, the FCA concluded that senior management and risk reporting meetings did not examine the firm’s compliance with sufficient detail – a reminder to all firms that sometimes you need to get your hands dirty with the regulation. And with SMCR, doing so becomes ever more essential.
- Monitoring: Merrill’s monitoring was not designed such that it would have picked up the fundamental issue here, the failure to report certain legs of trades. You need to be careful when designing regulatory reporting monitoring systems. While it’s important to ensure the content of reports is correct, such good work can quickly seem worthless if the net is not cast wider and comfort gained that all the required reports are being submitted.
And while none of the above are easy fixes – leaving enough time for testing can be easier said than done; and hiring more resources is time consuming and costly – it is the governance and monitoring aspects that most strongly rear their heads as potential pests for any firm tackling major regulatory change.
What’s a budding CF10 (SMF16 if you’ve had the pleasure!) or Chief Exec to do?
Good governance is a must-have in the world of SMR. When embarking on major regulatory change, ensure that senior staff have the infrastructure to oversee both the preparation and post-implementation phases. MI is crucial: if they don’t have the information, how can they provide effective challenge?
And remember that Merrill was provided false comfort by its monitoring. A danger when designing any testing or monitoring is that groupthink sets in and key stakeholders buy into an approach such that all its potential pitfalls are not considered. Engaging the designers of a solution to craft the monitoring increases the potential for this error. Ensure an independent voice drives or validates your approach.
Merrill’s failing was not to ignore a key regulatory requirement. They undertook to report as required by the rules. But some key missteps and ultimately regrettable business decisions meant that when it came to implementation, their reporting system had a subtle yet crucial flaw. And as MiFID II approaches and the reach of EMIR gets ever greater, this is a timely reminder that covering all the regulatory bases is a better investment than it can sometimes seem.